It's not really a problem to trust notary responses signed by the old key so
long as we are also doing TLS validation.

This commit adds a check to the config parsing code at startup to check that
we do not have the insecure matrix.org key without tls validation, and refuses
to start without it.

This allows us to remove the rather alarming-looking warning which happens at
runtime.

Sometimes the build agents get lost or die (error codes -1 and 2). Retry automatically a maximum of 2 times if this happens.

Error code reference:

* -1: Agent was lost
* 0: Build successful
* 1: There was an error in your code
* 2: The build stopped abruptly
* 255: The build was cancelled

fixes #5153 

Set default room version to v4.

Make a full SQL schema

Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.

This PR is a culmination of 3 smaller PRs which have each been separately reviewed:

* #5308
* #5345
* #5368

There are a few changes going on here:

* We make checking the signature on a key server response optional: if no
  verify_keys are specified, we trust to TLS to validate the connection.

* We change the default config so that it does not require responses to be
  signed by the old key.

* We replace the old 'perspectives' config with 'trusted_key_servers', which
  is also formatted slightly differently.

* We emit a warning to the logs every time we trust a key server response
  signed by the old key.

1.0 upgrade/install notes

* Regen sample config before kicking off agents

* Add changelog

Fixes some warnings, and a scary-looking stacktrace when sytest kills the
process.

Fix get_max_topological_token to never return None

Make /sync return heroes if room name or canonical alias are empty

Validate federation server TLS certificates by default.

add a script to generate new signing_key files

Include left members in room summaries' heroes

Implement room v5 which enforces signing key validity

Associate a request_name with each verify request, for logging

Fix `federation_custom_ca_list` configuration option.

Previously, setting this option would cause an exception at startup.

* Update _matrix/client/versions to reference support for r0.5.0

* Fix background updates to handle redactions/rejections

In background updates based on current state delta stream we need to
handle that we may not have all the events (or at least that
`get_events` may raise an exception).

fixes #4951

Fix handling of failures when calling /event_auth.

* group together key validity refactors

Improve documentation of monthly active user blocking and mau_trial_days